Re: What can't sudo do?

To: Bill Moseley <moseley@hank.org>, debian-user@lists.debian.org
Subject: Re: What can't sudo do?
From: "Gregory K. Johnson" <gkj@gregorykjohnson.com>
Date: Tue, 16 Mar 2004 21:03:51 -0500
Message-id: <[🔎] 20040317020351.GA908@andy.gregorykjohnson.com>
Mail-followup-to: Bill Moseley <moseley@hank.org>, debian-user@lists.debian.org
In-reply-to: <[🔎] 20040315225249.GC5390@hank.org>
References: <[🔎] 20040315225249.GC5390@hank.org>

On Mon, Mar 15, 2004 at 02:52:49PM -0800, Bill Moseley wrote:
[snip]
> If I use sudo (to
> try and provide most admin functions) then I would worry because my
> normal account then has more privileges that I'd want.  Then someone only
> need to gain access to my account instead of root.
[snip]

I assume you're not using the NOPASSWD tag; I dislike it for the same
reasons you seem to. When not using NOPASSWD, you're prompted for a
password only if 15 minutes has passed since you last used sudo. (The
delay is configurable; see sudoers(5) for timestamp_timeout.) When
you're done, just run 'sudo -k' to invalidate the timestamp as if 15
minutes had elapsed. After this, no one can use your sudo privileges
without re-entering the password.

-- 
Gregory K. Johnson
favorites: Vim, Mutt, LaTeX, Zsh, screen or Fluxbox, Python or C,
           Linux, Debian, the GPL, man pages, RPN, HP 48/49, PSION 5mx

Reply to:

References:
- What can't sudo do?
  - From: Bill Moseley <moseley@hank.org>

Prev by Date: Re: What's the tool to set /ect/rc.* links?
Next by Date: postgresql configuration and set-up
Previous by thread: Re: What can't sudo do?
Next by thread: GOOD NEWS Online Magazines issue007
Index(es):
- Date
- Thread